Peter Bridger - 3 months ago
YAML Question

Setting directory owner and permission with appspec.yml through Amazon Web Services CodeDeploy

I'm deploying a Node.js application through Codeship using the CodeDeploy AWS deployment system.

I am making use of the appspec.yml file to set the owner and permissions of one of the deployed directories.

I want to allow read/write for any files that will be created in a specified folder of the deployment. Files will be created by the web application once it starts running.

Currently my appspec.yml contains the following:

version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/APPLICATION_NAME
permissions:
  - object: /var/www/APPLICATION_NAME/tmpfiles
    mode: 644
    owner: ec2-user
    type:
      - directory

Answer

If you have Access Control Lists (ACLs) enabled on your filesystem, you can use default ACLs on your directory to allow read/write permissions for owner/group/others on newly created files in that directory.

AWS CodeDeploy lets you specify ACLs for your files in appspec.yml. It can take any valid ACL entries that can be passed to setfacl [1].

For example, in your case, to set read, write and execute permission for everyone on all newly created files, you can do something like:

version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/APPLICATION_NAME
permissions:
  - object: /var/www/APPLICATION_NAME/tmpfiles
    mode: 644
    acls:
      - "d:u::rwx"
      - "d:g::rwx"
      - "d:o::rwx"
    owner: ec2-user
    type:
      - directory

The permissions can be restricted by the application that creates the new files. You can also set a default ACL mask to set mask bits to force certain permissions. For example, "d:m::rw" would mask the execute permission. You can explore more about ACLs and masking here: http://www.vanemery.com/Linux/ACL/POSIX_ACL_on_Linux.html

[1] http://linux.die.net/man/1/setfacl
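
To see what the default ACL entries above actually grant on a newly created file, here is an added example (not part of the original answer, and not CodeDeploy or setfacl code) that models the inheritance rules from acl(5). The helper names and the `NO_OTHER_ACL` entry list are assumptions made for illustration.

```python
# Added illustration: models the acl(5) rules for files created under a
# directory that has a default ACL. Helper names are hypothetical.
PERM_BITS = {"r": 4, "w": 2, "x": 1}
TAGS = {"u": "user", "g": "group", "o": "other", "m": "mask"}

def parse_default_acl(entries):
    """Turn entries such as "d:u::rwx" into {(tag, qualifier): permission bits}."""
    acl = {}
    for entry in entries:
        fields = entry.split(":")
        if fields[0] not in ("d", "default"):
            continue  # access entries apply to the directory itself, not to new files
        qualifier, perms = ("", fields[2]) if len(fields) == 3 else fields[2:4]
        acl[(TAGS[fields[1][0]], qualifier)] = sum(PERM_BITS.get(c, 0) for c in perms)
    return acl

def fmt(bits):
    """Render three permission bits as an rwx string."""
    return "".join(c if bits & b else "-" for c, b in PERM_BITS.items())

def new_file_permissions(entries, create_mode):
    """Effective owner/group/other permissions of a file created with create_mode.

    With a default ACL present the umask is not consulted; the inherited
    entries are instead limited to the bits in the mode the application requests.
    """
    acl = parse_default_acl(entries)
    owner = acl[("user", "")] & (create_mode >> 6) & 7
    group_class = (create_mode >> 3) & 7
    other = acl[("other", "")] & create_mode & 7
    if ("mask", "") in acl:
        # The mask caps the owning group and named entries, never owner or other.
        group = acl[("group", "")] & acl[("mask", "")] & group_class
    else:
        group = acl[("group", "")] & group_class
    return fmt(owner) + fmt(group) + fmt(other)

ANSWER_ACL = ["d:u::rwx", "d:g::rwx", "d:o::rwx"]    # entries from the answer
MASKED_ACL = ANSWER_ACL + ["d:m::rw"]                 # plus the answer's mask entry
NO_OTHER_ACL = ["d:u::rwx", "d:g::rwx", "d:o::---"]   # constructed alternative

if __name__ == "__main__":
    for name, acl in [("answer", ANSWER_ACL), ("masked", MASKED_ACL), ("no-other", NO_OTHER_ACL)]:
        for mode in (0o666, 0o600, 0o777):
            print(f"{name:9} create mode {mode:04o} -> {new_file_permissions(acl, mode)}")
```

With the answer's entries, a file the application opens with mode 0666 ends up world-writable; the constructed `d:o::---` variant keeps read/write for owner and group only.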